Skip to main content

Phishing campaign

Follow-up on phishing campaign – with high praise for all

Once again this autumn, SDU carried out a phishing campaign in which a fake email was sent out with the aim of getting employees to provide their login details.

By SDU Digital, 10/31/2023

The campaign revealed great progress compared to the results from the last campaign in the spring of 2023.

This time, only 4.8% of employees provided login details, compared to 19.2% in the spring. This is a very impressive improvement in such a short space of time - so kudos to everyone for that.

Phishing campaigns are here to stay, and although it is positive that we can already see increased awareness, there are still areas where we can improve at SDU.

We need to get better at using the 'Report Phishing' button in Outlook. In the figures from the last two phishing campaigns, the number of clicks on 'Report phishing' has been minimal. In both cases fewer than 400 - we can do better!

By using the 'Report phishing' button, we all help ensure that similar emails can be filtered out. This makes the system more secure for everyone.

As with the spring campaign, anonymised statements, aggregated into cost centres with more than five people, are sent to local management. SDU Digital, Compliance recommends that the topic be brought up for discussion at department meetings or similar. It would be worthwhile to involve local GDPR and information security coordinators.

Editing was completed: 31.10.2023